1 | # Debian Cyrus imapd.conf |
---|
2 | # See imapd.conf(5) for more information and more options |
---|
3 | |
---|
4 | # Configuration directory |
---|
5 | configdirectory: /var/lib/cyrus |
---|
6 | |
---|
7 | # Directories for proc and lock files |
---|
8 | proc_path: /run/cyrus/proc |
---|
9 | mboxname_lockpath: /run/cyrus/lock |
---|
10 | |
---|
11 | # Which partition to use for default mailboxes |
---|
12 | defaultpartition: default |
---|
13 | partition-default: /var/spool/cyrus/mail |
---|
14 | |
---|
15 | # News setup |
---|
16 | partition-news: /var/spool/cyrus/news |
---|
17 | newsspool: /var/spool/news |
---|
18 | |
---|
19 | # Alternate namespace |
---|
20 | # If enabled, activate the alternate namespace as documented in |
---|
21 | # /usr/share/doc/cyrus-doc-2.4/html/altnamespace.html, where an user's |
---|
22 | # subfolders are in the same level as the INBOX |
---|
23 | # See also userprefix and sharedprefix on imapd.conf(5) |
---|
24 | altnamespace: no |
---|
25 | |
---|
26 | # UNIX Hierarchy Convention |
---|
27 | # Set to yes, and cyrus will accept dots in names, and use the forward |
---|
28 | # slash "/" to delimit levels of the hierarchy. This is done by converting |
---|
29 | # internally all dots to "^", and all "/" to dots. So the "rabbit.holes" |
---|
30 | # mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes" |
---|
31 | unixhierarchysep: yes |
---|
32 | |
---|
33 | # Rejecting illegal characters in headers |
---|
34 | # Headers of RFC2882 messages must not have characters with the 8th bit |
---|
35 | # set. However, too many badly-written MUAs generate this, including most |
---|
36 | # spamware. Enable this to reject such messages. |
---|
37 | #reject8bit: yes |
---|
38 | |
---|
39 | # Munging illegal characters in headers |
---|
40 | # Headers of RFC2882 messages must not have characters with the 8th bit |
---|
41 | # set. However, too many badly-written MUAs generate this, including most |
---|
42 | # spamware. If you kept reject8bit disabled, you can choose to leave the |
---|
43 | # crappage untouched by disabling this (if you don't care that IMAP SEARCH |
---|
44 | # won't work right anymore. |
---|
45 | #munge8bit: no |
---|
46 | |
---|
47 | # Forcing recipient user to lowercase |
---|
48 | # Cyrus IMAPD is case-sensitive. If all your mail users are in lowercase, it is |
---|
49 | # probably a very good idea to set lmtp_downcase_rcpt to true. This is set by |
---|
50 | # default, per RFC2821. This was not set by default in debian versions up to |
---|
51 | # and including 2.2.12-4. |
---|
52 | lmtp_downcase_rcpt: yes |
---|
53 | |
---|
54 | # Uncomment the following and add the space-separated users who |
---|
55 | # have admin rights for all services. |
---|
56 | admins: cyrus expresso-admin |
---|
57 | |
---|
58 | # Space-separated list of users that have lmtp "admin" status (i.e. that |
---|
59 | # can deliver email through TCP/IP lmtp). If specified, this parameter |
---|
60 | # overrides the "admins" parameter above |
---|
61 | #lmtp_admins: postman |
---|
62 | |
---|
63 | # Space-separated list of users that have mupdate "admin" status, in |
---|
64 | # addition to those in the admins: entry above. Note that mupdate slaves and |
---|
65 | # backends in a Murder cluster need to autenticate against the mupdate master |
---|
66 | # as admin users. |
---|
67 | #mupdate_admins: mupdateman |
---|
68 | |
---|
69 | # Space-separated list of users that have imapd "admin" status, in |
---|
70 | # addition to those in the admins: entry above |
---|
71 | #imap_admins: cyrus |
---|
72 | |
---|
73 | # Space-separated list of users that have sieve "admin" status, in |
---|
74 | # addition to those in the admins: entry above |
---|
75 | #sieve_admins: cyrus |
---|
76 | |
---|
77 | # List of users and groups that are allowed to proxy for other users, |
---|
78 | # seperated by spaces. Any user listed in this will be allowed to login |
---|
79 | # for any other user. Like "admins:" above, you can have imap_proxyservers |
---|
80 | # and sieve_proxyservers. |
---|
81 | #proxyservers: cyrus |
---|
82 | |
---|
83 | # No anonymous logins |
---|
84 | allowanonymouslogin: no |
---|
85 | |
---|
86 | # Minimum time between POP mail fetches in minutes |
---|
87 | popminpoll: 1 |
---|
88 | |
---|
89 | # If nonzero, normal users may create their own IMAP accounts by creating |
---|
90 | # the mailbox INBOX. The user's quota is set to the value if it is positive, |
---|
91 | # otherwise the user has unlimited quota. |
---|
92 | autocreatequota: 0 |
---|
93 | |
---|
94 | # umask used by Cyrus programs |
---|
95 | umask: 077 |
---|
96 | |
---|
97 | # Sendmail binary location |
---|
98 | # DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3. |
---|
99 | # For now, to work around the bug, set this to a wrapper that calls |
---|
100 | # /usr/sbin/sendmail -dropcr instead if you use Exim 3. |
---|
101 | #sendmail: /usr/sbin/sendmail |
---|
102 | |
---|
103 | # If enabled, cyrdeliver will look for Sieve scripts in user's home |
---|
104 | # directories: ~user/.sieve. |
---|
105 | sieveusehomedir: false |
---|
106 | |
---|
107 | # If sieveusehomedir is false, this directory is searched for Sieve scripts. |
---|
108 | sievedir: /var/spool/sieve |
---|
109 | |
---|
110 | # Extencoes para o SIEVE |
---|
111 | # Para o cyrus >= 2.4 |
---|
112 | sieve_extensions: fileinto reject vacation imapflags notify envelope relational regex subaddress copy body include |
---|
113 | |
---|
114 | # notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL" |
---|
115 | # notifications are disabled. Valid methods are: null, log, zephyr |
---|
116 | #mailnotifier: zephyr |
---|
117 | |
---|
118 | # notifyd(8) method to use for "SIEVE" notifications. If not set, "SIEVE" |
---|
119 | # notifications are disabled. This method is only used when no method is |
---|
120 | # specified in the script. Valid methods are null, log, zephyr, mailto |
---|
121 | #sievenotifier: zephyr |
---|
122 | |
---|
123 | # DRAC (pop-before-smtp, imap-before-smtp) support |
---|
124 | # Set dracinterval to the time in minutes to call DRAC while a user is |
---|
125 | # connected to the imap/pop services. Set to 0 to disable DRAC (default) |
---|
126 | # Set drachost to the host where the rpc drac service is running |
---|
127 | #dracinterval: 0 |
---|
128 | #drachost: localhost |
---|
129 | |
---|
130 | # If enabled, the partitions will also be hashed, in addition to the hashing |
---|
131 | # done on configuration directories. This is recommended if one partition has a |
---|
132 | # very bushy mailbox tree. |
---|
133 | hashimapspool: true |
---|
134 | |
---|
135 | # Allow plaintext logins by default (SASL PLAIN) |
---|
136 | allowplaintext: yes |
---|
137 | |
---|
138 | # Force PLAIN/LOGIN authentication only |
---|
139 | # (you need to uncomment this if you are not using an auxprop-based SASL |
---|
140 | # mechanism. saslauthd users, that means you!). And pay attention to |
---|
141 | # sasl_minimum_layer and allowapop below, too. |
---|
142 | sasl_mech_list: PLAIN |
---|
143 | |
---|
144 | # Allow use of the POP3 APOP authentication command. |
---|
145 | # Note that this command requires that the plaintext passwords are |
---|
146 | # available in a SASL auxprop backend (eg. sasldb), and that the system |
---|
147 | # can provide enough entropy (eg. from /dev/urandom) to create a challenge |
---|
148 | # in the banner. |
---|
149 | #allowapop: no |
---|
150 | |
---|
151 | # The minimum SSF that the server will allow a client to negotiate. A |
---|
152 | # value of 1 requires integrity protection; any higher value requires some |
---|
153 | # amount of encryption. |
---|
154 | #sasl_minimum_layer: 0 |
---|
155 | |
---|
156 | # The maximum SSF that the server will allow a client to negotiate. A |
---|
157 | # value of 1 requires integrity protection; any higher value requires some |
---|
158 | # amount of encryption. |
---|
159 | #sasl_maximum_layer: 256 |
---|
160 | |
---|
161 | # List of remote realms whose users may log in using cross-realm |
---|
162 | # authentications. Seperate each realm name by a space. A cross-realm |
---|
163 | # identity is considered any identity returned by SASL with an "@" in it. |
---|
164 | # NOTE: To support multiple virtual domains on the same interface/IP, |
---|
165 | # you need to list them all as loginreals. If you don't list them here, |
---|
166 | # (most of) your users probably won't be able to log in. |
---|
167 | #loginrealms: example.com |
---|
168 | |
---|
169 | # Enable virtual domain support. If enabled, the user's domain will |
---|
170 | # be determined by splitting a fully qualified userid at the last '@' |
---|
171 | # or '%' symbol. If the userid is unqualified, and the virtdomains |
---|
172 | # option is set to "on", then the domain will be determined by doing |
---|
173 | # a reverse lookup on the IP address of the incoming network |
---|
174 | # interface, otherwise the user is assumed to be in the default |
---|
175 | # domain (if set). |
---|
176 | #virtdomains: userid |
---|
177 | |
---|
178 | # The default domain for virtual domain support |
---|
179 | # If the domain of a user can't be taken from its login and it can't |
---|
180 | # be determined by doing a reverse lookup on the interface IP, this |
---|
181 | # domain is used. |
---|
182 | #defaultdomain: |
---|
183 | |
---|
184 | # |
---|
185 | # SASL library options (these are handled directly by the SASL libraries, |
---|
186 | # refer to SASL documentation for an up-to-date list of these) |
---|
187 | # |
---|
188 | |
---|
189 | # The mechanism(s) used by the server to verify plaintext passwords. Possible |
---|
190 | # values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue". They |
---|
191 | # are tried in order, you can specify more than one, separated by spaces. |
---|
192 | # |
---|
193 | # Do note that, since sasl will be run as user cyrus, you may have a lot of |
---|
194 | # trouble to set this up right. |
---|
195 | sasl_pwcheck_method: saslauthd |
---|
196 | #sasl_pwcheck_method: auxprop |
---|
197 | |
---|
198 | # What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop |
---|
199 | # by default, all plugins are tried (which is probably NOT what you want). |
---|
200 | #sasl_auxprop_plugin: sasldb |
---|
201 | |
---|
202 | # If enabled, the SASL library will automatically create authentication secrets |
---|
203 | # when given a plaintext password. Refer to SASL documentation |
---|
204 | sasl_auto_transition: no |
---|
205 | |
---|
206 | # |
---|
207 | # SSL/TLS Options |
---|
208 | # |
---|
209 | |
---|
210 | # File containing the global certificate used for ALL services (imap, pop3, |
---|
211 | # lmtp, sieve) |
---|
212 | #tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem |
---|
213 | |
---|
214 | # File containing the private key belonging to the global server certificate. |
---|
215 | #tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key |
---|
216 | |
---|
217 | # File containing the certificate used for imap. If not specified, the global |
---|
218 | # certificate is used. A value of "disabled" will disable SSL/TLS for imap. |
---|
219 | #imap_tls_cert_file: /etc/ssl/certs/cyrus-imap.pem |
---|
220 | |
---|
221 | # File containing the private key belonging to the imap-specific server |
---|
222 | # certificate. If not specified, the global private key is used. A value of |
---|
223 | # "disabled" will disable SSL/TLS for imap. |
---|
224 | #imap_tls_key_file: /etc/ssl/private/cyrus-imap.key |
---|
225 | |
---|
226 | # File containing the certificate used for pop3. If not specified, the global |
---|
227 | # certificate is used. A value of "disabled" will disable SSL/TLS for pop3. |
---|
228 | #pop3_tls_cert_file: /etc/ssl/certs/cyrus-pop3.pem |
---|
229 | |
---|
230 | # File containing the private key belonging to the pop3-specific server |
---|
231 | # certificate. If not specified, the global private key is used. A value of |
---|
232 | # "disabled" will disable SSL/TLS for pop3. |
---|
233 | #pop3_tls_key_file: /etc/ssl/private/cyrus-pop3.key |
---|
234 | |
---|
235 | # File containing the certificate used for lmtp. If not specified, the global |
---|
236 | # certificate is used. A value of "disabled" will disable SSL/TLS for lmtp. |
---|
237 | #lmtp_tls_cert_file: /etc/ssl/certs/cyrus-lmtp.pem |
---|
238 | |
---|
239 | # File containing the private key belonging to the lmtp-specific server |
---|
240 | # certificate. If not specified, the global private key is used. A value of |
---|
241 | # "disabled" will disable SSL/TLS for lmtp. |
---|
242 | #lmtp_tls_key_file: /etc/ssl/private/cyrus-lmtp.key |
---|
243 | |
---|
244 | # File containing the certificate used for sieve. If not specified, the global |
---|
245 | # certificate is used. A value of "disabled" will disable SSL/TLS for sieve. |
---|
246 | #sieve_tls_cert_file: /etc/ssl/certs/cyrus-sieve.pem |
---|
247 | |
---|
248 | # File containing the private key belonging to the sieve-specific server |
---|
249 | # certificate. If not specified, the global private key is used. A value of |
---|
250 | # "disabled" will disable SSL/TLS for sieve. |
---|
251 | #sieve_tls_key_file: /etc/ssl/private/cyrus-sieve.key |
---|
252 | |
---|
253 | # File containing one or more Certificate Authority (CA) certificates. |
---|
254 | #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem |
---|
255 | |
---|
256 | # Path to directory with certificates of CAs. |
---|
257 | tls_ca_path: /etc/ssl/certs |
---|
258 | |
---|
259 | # The length of time (in minutes) that a TLS session will be cached for later |
---|
260 | # reuse. The maximum value is 1440 (24 hours), the default. A value of 0 will |
---|
261 | # disable session caching. |
---|
262 | tls_session_timeout: 1440 |
---|
263 | |
---|
264 | # The list of SSL/TLS ciphers to allow, in decreasing order of precedence. |
---|
265 | # The format of the string is described in ciphers(1). The Debian default |
---|
266 | # selects TLSv1 high-security ciphers only, and removes all anonymous ciphers |
---|
267 | # from the list (because they provide no defense against man-in-the-middle |
---|
268 | # attacks). It also orders the list so that stronger ciphers come first. |
---|
269 | tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH |
---|
270 | |
---|
271 | # Require a client certificate for ALL services (imap, pop3, lmtp, sieve). |
---|
272 | #tls_require_cert: false |
---|
273 | |
---|
274 | # Require a client certificate for imap ONLY. |
---|
275 | #imap_tls_require_cert: false |
---|
276 | |
---|
277 | # Require a client certificate for pop3 ONLY. |
---|
278 | #pop3_tls_require_cert: false |
---|
279 | |
---|
280 | # Require a client certificate for lmtp ONLY. |
---|
281 | #lmtp_tls_require_cert: false |
---|
282 | |
---|
283 | # Require a client certificate for sieve ONLY. |
---|
284 | #sieve_tls_require_cert: false |
---|
285 | |
---|
286 | # |
---|
287 | # Cyrus Murder cluster configuration |
---|
288 | # |
---|
289 | # Set the following options to the values needed for this server to |
---|
290 | # autenticate against the mupdate master server: |
---|
291 | # mupdate_server |
---|
292 | # mupdate_port |
---|
293 | # mupdate_username |
---|
294 | # mupdate_authname |
---|
295 | # mupdate_realm |
---|
296 | # mupdate_password |
---|
297 | # mupdate_retry_delay |
---|
298 | |
---|
299 | ## |
---|
300 | ## KEEP THESE IN SYNC WITH cyrus.conf |
---|
301 | ## |
---|
302 | # Unix domain socket that lmtpd listens on. |
---|
303 | lmtpsocket: /var/run/cyrus/socket/lmtp |
---|
304 | |
---|
305 | # Unix domain socket that idled listens on. |
---|
306 | idlesocket: /var/run/cyrus/socket/idle |
---|
307 | |
---|
308 | # Unix domain socket that the new mail notification daemon listens on. |
---|
309 | notifysocket: /var/run/cyrus/socket/notify |
---|
310 | |
---|
311 | # Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.) |
---|
312 | syslog_prefix: cyrus |
---|
313 | |
---|
314 | ## |
---|
315 | ## DEBUGGING |
---|
316 | ## |
---|
317 | # Debugging hook. See /usr/share/doc/cyrus-common-2.4/README.Debian.debug |
---|
318 | # Keep the hook disabled when it is not in use |
---|
319 | # |
---|
320 | # gdb Back-traces |
---|
321 | #debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 & |
---|
322 | # |
---|
323 | # system-call traces |
---|
324 | #debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 & |
---|
325 | # |
---|
326 | # library traces |
---|
327 | #debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 & |
---|
328 | |
---|
329 | ## Para o Expresso ## |
---|
330 | # Allow rename of users |
---|
331 | allowusermoves: yes |
---|
332 | |
---|
333 | #Size (in kilobytes) of the shared memory buffer pool (cache) used by the berkeley environment. |
---|
334 | berkeley_cachesize: 2048 |
---|
335 | |
---|
336 | #Maximum number of transactions to be supported in the berkeley environment. |
---|
337 | berkeley_txns_max: 200 |
---|
338 | |
---|
339 | # Disable duplicate message suppression |
---|
340 | duplicatesuppression: 0 |
---|
341 | |
---|
342 | #lmtpd returns a permanent failure code when a user's mailbox is over quota. |
---|
343 | lmtp_over_quota_perm_failure: 1 |
---|